Nội dung Text: Using Samba-2. Installing Samba on a Unix System-P1

2. Installing Samba on a Unix System
Now that you know what Samba can do for you and your users, it's time to
get your own network set up. Let's start with the installation of Samba itself
on a Unix system. When dancing the samba, one learns by taking small
steps. It's just the same when installing Samba; we need to teach it step by
step. This chapter will help you to start off on the right foot.
For illustrative purposes, we will be installing the 2.0.4 version of the Samba
server on a Linux[ 1] system running version 2.0.31 of the kernel. However,
the installation steps are the same for all of the platforms that Samba
supports. A typical installation will take about an hour to complete,
including downloading the source files and compiling them, setting up the
configuration files, and testing the server.
[1] If you haven't heard of Linux yet, then you're in for a treat. Linux is a
freely distributed Unix-like operating system that runs on the Intel x86,
Motorola PowerPC, and Sun Sparc platforms. The operating system is
relatively easy to configure, extremely robust, and is gaining in popularity.
You can get more information on the Linux operating system at
http://www.linux.org /.
Here is an overview of the steps:
1. Download the source or binary files.
2. Read the installation documentation.

3. Configure a makefile.
4. Compile the server code.
5. Install the server files.
6. Create a Samba configuration file.
7. Test the configuration file.
8. Start the Samba daemons.
9. Test the Samba daemons.
2.1 Downloading the Samba Distribution
If you want to get started quickly, the CD-ROM packaged with this book
contains both the sources and binaries of Samba that were available as this
book went to print. The CD is a mirror image of the files and directories on
the Samba download server: ftp.samba.org.
On the other hand, if you want to download the latest version, the primary
web site for the Samba software is http://www.samba.org. Once connected
to this page, you'll see links to several Samba mirror sites across the world,
both for the standard Samba web pages and sites devoted exclusively to
downloading Samba. For the best performance, choose a site that is closest
to your own geographic location.
The standard Samba web sites have Samba documentation and tutorials,
mailing list archives, and the latest Samba news, as well as source and
binary distributions of Samba. The download sites (sometimes called F T P

sites) have only the source and binary distributions. Unless you specifically
want an older version of the Samba server or are going to install a binary
distribution, download the latest source distribution from the closest mirror
site. This distribution is always named:
samba-latest.tar.gz
If you choose to use the version of Samba that is located on the CD-ROM
packaged with this book, you should find the latest Samba distribution in the
base directory.
2.1.1 Binary or Source?
Precompiled packages are also available for a large number of Unix
platforms. These packages contain binaries for each of the Samba
executables as well as the standard Samba documentation. Note that while
installing a binary distribution can save you a fair amount of trouble and
time, there are a couple of issues that you should keep in mind when
deciding whether to use the binary or compile the source yourself:
• The binary packages can lag behind the latest version of the software
by one or two (maybe more) minor releases, especially after a series
of small changes and for less popular platforms. Compare the release
notes for the source and binary packages to make sure that there aren't
any new features that you need on your platform. This is especially
true of the sources and binaries on the CD-ROM: at the time this book
went to print, they were from the latest production release of Samba.

However, development is ongoing, so the beta-test versions on the
Internet will be newer.
• If you use a precompiled binary, you will need to ensure that you have
the correct libraries required by the executables. On some platforms
the executables are statically linked so this isn't an issue, but on
modern Unix operating systems (e.g., Linux, SGI Irix, Solaris, HP-
UX, etc.), libraries are often dynamically linked. This means that the
binary looks for the right version of each library on your system, so
you may have to install a new version of a library. The README file
or makefile that accompanies the binary distribution should list any
special requirements.[ 2]
[2] This is especially true with programs that use glibc-2.1 (which
comes standard with Red Hat Linux 6). This library caused quite a
consternation in the development community when it was released
because it was incompatable with previous versions of g libc.
Many machines with shared libraries come with a nifty tool called ldd.
This tool will tell you which libraries a specific binary requires and
which libraries on the system satisfy that requirement. For example,
checking the smbd program on our test machine gave us:
$ ldd smbd

libreadline.so.3 => /usr/lib/libreadline.so.3
libdl.so.2 => /lib/libdl.so.2
libcrypt.so.1 => /lib/libcrypt.so.1
libc.so.6 => /lib/libc.so.6
libtermcap.so.2 => /lib/libtermcap.so.2
/lib/ld-linux.so.2 => /lib/ld-linux.so.2
• If there are any incompatibilities between Samba and specific libraries
on your machine, the distribution-specific documentation should
highlight those.
• Keep in mind that each binary distribution carries preset values about
the target platform, such as default directories and configuration
option values. Again, check the documentation and the makefile
included in the source directory to see which directives and variables
were used when the binary was compiled. In some cases, these will
not be appropriate for your situation.
A few configuration items can be reset with command-line options at
runtime instead of at compile time. For example, if your binary tries to
place any log, lock, or status files in the "wrong" place (for example,
in /usr/local ), you can override this without recompiling.

One point worth mentioning is that the Samba source requires an ANSI C
compiler. If you are on a platform with a non-ANSI compiler, such as the cc
compiler on SunOS version 4, you'll have to install an ANSI-compliant
compiler such as gcc before you do anything else.[ 3] If installing a compiler
isn't something you want to wrestle with, you can start off with a binary
package. However, for the most flexibility and compatibility on your system,
we always recommend compiling from the latest source.
[3] gcc binaries are available for almost every modern machine. See
http://www.gnu.org/ for a list of sites with gcc and other GNU software.
2.1.2 Read the Documentation
This sounds like an obvious thing to say, but there have probably been times
where you have uncompressed a package, blindly typed configure,
make, and make install, and walked away to get another cup of coffee.
We'll be the first to admit that we do that, many more times than we should.
It's a bad idea - especially when planning a network with Samba.
Samba 2.0 automatically configures itself prior to compilation. This reduces
the likelihood of a machine-specific problem, but there may be an option
mentioned in the README file that you end up wishing for after Samba's
been installed. With both source and binary packages you'll find a large
number of documents in the docs directory, in a variety of formats. The most
important files to look at in the distribution are:
WHATSNEW.txt

docs/textdocs/UNIX_INSTALL.txt
These files tell you what features you can expect in your Samba distribution,
and will highlight common installation problems that you're likely to face.
Be sure to look over both of them before you start the compilation process.
2.2 Configuring Samba
The source distribution of Samba 2.0 and above doesn't initially have a
makefile. Instead, one is generated through a GNU configure script, which is
located in the samba-2.0.x /source/ directory. The configure script, which
must be run as root, takes care of the machine-specific issues of building
Samba. However, you still may want to decide on some global options.
Global options can be set by passing options on the command-line:
# ./configure --with-ssl
For example, this will configure the Samba makefile with support for the
Secure Sockets Layer (SSL) encryption protocol. If you would like a
complete list of options, type the following:
#./configure --help
Each of these options enable or disable various features. You typically
enable a feature by specifying the --with- feature option, which will
cause the feature to be compiled and installed. Likewise, if you specify a --

without- feature option, the feature will be disabled. As of Samba
2.0.5, each of the following features is disabled by default:
--with-smbwrapper
Include SMB wrapper support, which allows executables on the Unix
side to access SMB/CIFS filesystems as if they were regular Unix
filesystems. We recommend using this option. However, at this time
this book went to press, there were several incompatibilities between
the smbwrapper package and the GNU libc version 2.1, and it would
not compile on Red Hat 6.0. Look for more information on these
incompatibilities on the Samba home page.
--with-afs
Include support of the Andrew Filesystem from Carnegie Mellon
University. If you're going to serve AFS files via Samba, we
recommend compiling Samba once first without enabling this feature
to ensure that everything runs smoothly. Once that version is working
smoothly, recompile Samba with this feature enabled and compare
any errors you might receive against the previous setup.
--with-dfs
Include support for DFS, a later version of AFS, used by OSF/1
(Digital Unix). Note that this is not the same as Microsoft DFS, which
is an entirely different filesystem. Again, we recommend compiling
Samba once first without this feature to ensure that everything runs

smoothly, then recompile with this feature to compare any errors
against the previous setup.
--with-krb4= base-directory
Include support for Kerberos version 4.0, explicitly specifying the
base directory of the distribution. Kerberos is a network security
protocol from MIT that uses private key cryptography to provide
strong security between nodes. Incidentally, Microsoft has announced
that Kerberos 5.0 will be the standard authentication mechanism for
Microsoft Windows 2000 (NT 5.0). However, the Kerberos 5.0
authentication mechanisms are quite different from the Kerberos 4.0
security mechanisms. If you have Kerberos version 4 on your system,
the Samba team recommends that you upgrade and use the --with-
krb5 option (see the next item). You can find more information on
Kerberos at http://web.mit.edu/kerberos/www.
--with-krb5= base-directory
Include support for Kerberos version 5.0, explicitly specifying the
base directory of the distribution. Microsoft has announced that
Kerberos 5.0 will be the standard authentication mechanism for
Microsoft Windows 2000 (NT 5.0). However, there is no guarantee
that Microsoft will not extend Kerberos for their own needs in the
future. Currently, Samba's Kerberos support only uses a plaintext
password interface and not an encrypted one. You can find more
information on Kerberos at its home page:
http://web.mit.edu/kerberos/www.

--with-automount
Include support for automounter, a feature often used on sites that
offer NFS.
--with-smbmount
Include smbmount support, which is for Linux only. This feature
wasn't being maintained at the time the book was written, so the
Samba team made it an optional feature and provided smbwrapper
instead. The smbwrapper feature works on more Unix platforms than
smbmount, so you'll usually want to use --with-smbwrapper
instead of this option.
--with-pam
Include support for pluggable authentication modules (PAM), an
authentication feature common in the Linux operating system.
--with-ldap
Include support for the Lightweight Directory Access Protocol
(LDAP). A future version of LDAP will be used in the Windows 2000
(NT 5.0) operating system; this Samba support is experimental. LDAP
is a flexible client-server directory protocol that can carry information
such as certificates and group memberships.[ 4]
[4] By directory, we don't mean a directory in a file system, but
instead an indexed directory (such as a phone directory). Information
is stored and can be easily retrieved in a public LDAP system.

--with-nis
Include support for getting password-file information from NIS
(network yellow pages).
--with-nisplus
Include support for obtaining password-file information from NIS+,
the successor to NIS.
--with-ssl
Include experimental support for the Secure Sockets Layer (SSL),
which is used to provide encrypted connections from client to server.
Appendix A, Configuring Samba with SSL, describes setting up
Samba with SSL support.
--with-nisplus-home
Include support for locating which server contains a particular user's
home directory and telling the client to connect to it. Requires --
with-nis and, usually, --with-automounter.
--with-mmap
Include experimental memory mapping code. This is not required for
fast locking, which already uses mmap or System V shared memory.
--with-syslog

Include support for using the SYSLOG utility for logging information
generated from the Samba server. There are a couple of Samba
configuration options that you can use to enable SYSLOG support;
Chapter 4, Disk Shares , discusses these options.
--with-netatalk
Include experimental support for interoperating with the (Macintosh)
Netatalk file server.
--with-quotas
Include disk-quota support.
Because each of these options is disabled by default, none of these features
are essential to Samba. However, you may want to come back and build a
modified version of Samba if you discover that you need one at a later time.
In addition, Table 2.1 shows some other parameters that you can give the
configure script if you wish to store parts of the Samba distribution in
different places, perhaps to make use of multiple disks or partitions. Note
that the defaults sometimes refer to a prefix specified earlier in the table.
Table 2.1: Additional Configure Options
Option Meaning Default

Table 2.1: Additional Configure Options
Option Meaning Default
--datadir= Install read-only architecture prefix /share
directory independent data in the directory
specified.
--libdir= Install program libraries in the eprefix /lib
directory directory specified.
--includedir= Install package include files in prefix
directory the directory specified. /include
--infodir= Install additional information prefix /info
directory files in the directory specified.
--mandir= Install manual pages in the prefix /man
directory directory specified.
Again, before running the configure script, it is important that you are the
root user on the system. Otherwise, you may get a warning such as:

configure: warning: running as non-root will
disable some tests
You don't want any test to be disabled when the Samba makefile is being
created; this leaves the potential for errors down the road when compiling or
running Samba on your system.
Here is a sample execution of the configure script, which creates a Samba
2.0.4 makefile for the Linux platform. Note that you must run the configure
script in the source directory, and that several lines from the middle of the
excerpt have been omitted:
# cd samba-2.0.4b/source/
# ./configure | tee mylog
loading cache ./config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc -O ) works...
yes
checking whether the C compiler (gcc -O ) is a
cross-compiler... no

checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for a BSD compatible install... (cached)
/usr/bin/install -c
...(content omitted)...
checking configure summary
configure OK
creating ./config.status
creating include/stamp-h
creating Makefile
creating include/config.h
In general, any message from configure that doesn't begin with the words
checking or creating is an error; it often helps to redirect the output of
the configure script to a file so you can quickly search for errors, as we did
with the tee command above. If there was an error during configuration,

more detailed information about it can be found in the config.log file, which
is written to the local directory by the configure script.
If the configuration works, you'll see a checking configure summary
message followed by a configure OK message and four or five file
creation messages. So far, so good.... Next step: compiling.
2.3 Compiling and Installing Samba
At this point you should be ready to build the Samba executables. Compiling
is also easy: in the source directory, type make on the command line. The
make utility will produce a stream of explanatory and success messages,
beginning with:
Using FLAGS = -O -Iinclude ...
This build includes compiles for both smbd and nmbd, and ends in a linking
command for bin/make_ printerdef. For example, here is a sample make of
Samba version 2.0.4 on a Linux server:
# make
Using FLAGS = -O -Iinclude -I./include -I./ubiqx -
I./smbwrapper -
DSMBLOGFILE="/usr/local/samba/var/log.smb" -

Compiling utils/make_smbcodepage.c
Linking bin/make_smbcodepage
Compiling utils/nmblookup.c
Linking bin/nmblookup
Compiling utils/make_printerdef.c
Linking bin/make_printerdef
If you encounter problems when compiling, check the Samba documentation
to see if it is easily fixable. Another possibility is to search or post to the
Samba mailing lists, which are given at the end of appd-34717, and on the
Samba home page. Most compilation issues are system specific and almost
always easy to overcome.
Now that the files have been compiled, you can install them into the
directories you identified with the command:
#
make install
If you happen to be upgrading, your old Samba files will be saved with the
extension .old , and you can go back to that previous version with the
command make revert. After doing a make install, you should copy